SGM Policy Management
Because the 61000/41000 Security System works as one large Security Gateway, all SGMs are configured with the same policy. When you install a policy from the management server, it first installs the policy on the SMO. The SMO copies the policy and SGM configuration to all SGMs in the UP state. When an SGM enters the UP state, it automatically gets the currently installed policy and configuration from the SMO. If there is no SMO (when there is only one SGM in the UP state), that SGM uses its local policy and configuration.
If there are problems with the policy or configuration on an SGM, you can manually copy the information from a different SGM.
An SGM configuration has these components:
- Firewall policy, which includes the Rulebase.
- Set of configuration files defined in the
/etc/xfer_files_list file. This file contains the location of all related configuration files. It also defines the action to take if the copied file is different from the one on the local SGM.
|
|